A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@lise.de
Expires: 2026-12-31T22:00:00.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/C0D329867B246314E8D2A808AC5068AE824497C5
Preferred-Languages: en, de
Canonical: https://www.lise.de/.well-known/security.txt
Canonical: https://www.lise.de/security.txt
Canonical: https://lise.de/.well-known/security.txt
Canonical: https://lise.de/security.txt

# Please note: We do not offer bounties for low-risk or common configuration issues.
# This includes, but is not limited to, CORS misconfigurations, missing or weak CSP,
# X-Frame-Options headers, Clickjacking protections, cipher suite preferences,
# or HTTPS redirect behavior.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwNMphnskYxTo0qgIrFBoroJEl8UFAmiCOy0ACgkQrFBoroJE
l8Xsbw/+MtsYjcsw+THgWqnmihnpakJWXH4q+WX92k5b/sGTMvuJTz1MybtlQ+YS
z3OzyOIhdkmWQ+f0hIOEPxKkVqGmaO4Ou0/sG+M6rg8MFi7BXoXj3OzAssq3hQGo
8vQwm5A57pwLde69rj+maMYGGx4d+VIDyD/0V5HGCUv/n+U1T8emadLrl7C0SHRL
r5915NXItegJSI24xXCai9C3K9gZfdK6Ku9d/RzTUDPio065+bO1cZSe2TNqKO7b
GiqodfeHlNA22xFNoYTvvr9LiOsgqGzGVdU9GczVcRU7i+ySyg698hprmGyyiBD/
zXDPuQaMbozf6z4/7nVY5g6i2Vb16fNghjMEgMc2PpMp5qJCGhBzlODoC2URjENi
2ko9ubPM7K4uZ5x/zUBoJfS3L9P1Wx+B2VxrUcR3SmPbVgUTzk6xYSGQBbUHtckA
DEg61BCxgRAxc2qu4f3wDQAAJLmAkDCp+1wpjMzav7+815OwldUi9jjpyq0K5Sbb
JNMbNWje4OTXjcVT2zf6Dx7xoi96M5EWeDcm/eIiOrIf5T14SteNsopBMLSligiQ
bWK4Gw7kxUR7poyh2FSNr/pom84wxiqBWapZmCmgI00hATXvQtNXwabkx5Sgp/3K
Ka40DeeyPIvYOd6Q3Lccp6zvZ2ZF/y1C2h9Z9DwtP9m+cXAt4IU=
=lXXd
-----END PGP SIGNATURE-----